I have modified the asn1 module of the patch and tested it with another implementation (iaik). I successfully verified, using iaik, a timestamp signed by openssl using sha256 RSASSA-PSS, saltlen=64, default trailer. Mechanism is ok for me.
Francesco Petruzzi francesco.petru...@innovery.it
-----Original message-----
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On behalf of Stephen Henson via RT
Sent: Wednesday, 10 February 2010 14:33
To: li...@kaiser.cx
Cc: openssl-dev@openssl.org
Subject: [openssl.org #1951] [patch] verification of X.509 certificates that contain an RSASSA-PSS signature

> [li...@kaiser.cx - Sun Feb 07 20:31:00 2010]:
>
> Dear OpenSSL team and all,
>
> finally, here's my patch (against today's 1.1 snapshot) for verification
> of X.509 certificates using an RSASSA-PSS signature. I believe it is
> fairly complete in terms of checking parameters.
>
> The patch follows the idea that I outlined in previous posts
>
> - two new ASN.1 objects for pss, mgf1
> - in obj_xref.txt, pss uses digest undef
>   -> verify routine has to determine the digest by itself
> - ASN1_item_verify() uses EVP_DigestVerify... API
> - rsa_st gets two new elements
> - param_decode method for rsa parses rsa key's parameters in the
>   certificate
> - at verification time, pss parameters are copied into EVP_PKEY_CTX
>
> This time, I really do hope to get some feedback. Reviewing this won't
> be wasted time, I'm happy to improve the code until it is ready for
> merging.
>
> As such pss certificates are now being deployed by the millions for
> digital pay-tv in Europe (www.ci-plus.com), I feel that OpenSSL should
> support them.
>

As has been indicated the PSS ASN1 module is incorrect. Does that actually verify PSS signatures correctly with non-default algorithms? I'd expect ASN1 parsing errors.

A quick look through (I'm not short of things to do at the moment alas...) suggests ctrl return codes aren't checked properly in a number of places.

I also find the lack of any use of the PSS OID rather strange. The specifications I've seen should require it is at least checked.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
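
The question raised in the thread, whether the PSS parameters parse correctly with non-default algorithms, comes down to how the optional fields and their defaults are decoded. The sketch below is an added example, not part of the thread or of the OpenSSL patch: it decodes RSASSA-PSS-params as defined in RFC 4055 (EXPLICIT tags [0] to [3], each field with a DEFAULT). The function names are hypothetical, and `SAMPLE` is constructed to match the parameters reported above (sha256, saltlen=64, default trailer), with MGF1 over sha256 assumed.

```python
HASHES = {"2b0e03021a": "sha1", "608648016503040201": "sha256"}  # hex of OID content bytes
# Constructed sample (not from the thread): sha256, MGF1 with sha256, saltLength 64.
SAMPLE = bytes.fromhex("3034a00f300d06096086480165030402010500a11c301a06092a864886f70d"
                       "010108300d06096086480165030402010500a203020140")

def tlv(buf, pos=0):  # -> (tag, value, next_pos); these params never need long-form lengths
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form DER element")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def alg_id(buf):  # one AlgorithmIdentifier -> (oid_hex, raw_parameters)
    tag, body, end = tlv(buf)
    oid_tag, oid, pos = tlv(body)
    if tag != 0x30 or end != len(buf) or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return oid.hex(), body[pos:]

def hash_name(buf):
    oid, params = alg_id(buf)
    if oid not in HASHES or params not in (b"", b"\x05\x00"):  # absent or NULL
        raise ValueError("unsupported hash AlgorithmIdentifier")
    return HASHES[oid]

def parse_pss_params(der):
    out = {"hash": "sha1", "mgf1_hash": "sha1", "salt_len": 20, "trailer": 1}  # RFC 4055 DEFAULTs
    tag, body, end = tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("RSASSA-PSS-params must be exactly one SEQUENCE")
    pos, last = 0, -1
    while pos < len(body):
        tag, inner, pos = tlv(body, pos)
        if tag - 0xA0 not in range(last + 1, 4):  # EXPLICIT [0]..[3], ascending
            raise ValueError("unexpected, repeated or out-of-order field")
        last = n = tag - 0xA0
        if n == 0:
            out["hash"] = hash_name(inner)
        elif n == 1:
            oid, mgf_params = alg_id(inner)
            if oid != "2a864886f70d010108":  # id-mgf1
                raise ValueError("mask generation function is not MGF1")
            out["mgf1_hash"] = hash_name(mgf_params)
        else:
            t, v, e = tlv(inner)
            if t != 0x02 or e != len(inner) or not v or v[0] & 0x80 or (n == 3 and v != b"\x01"):
                raise ValueError("bad INTEGER, or trailerField other than 1")
            out["salt_len" if n == 2 else "trailer"] = int.from_bytes(v, "big")
    return out
```

An empty SEQUENCE (`30 00`) is valid and selects every default, so a verifier that only handles that case will accept default-parameter certificates and fail on anything else.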